From 82cd5fb5453450301acba8603b0a3674e9528218 Mon Sep 17 00:00:00 2001 From: Lucas Thelen Date: Fri, 3 Oct 2025 00:27:36 +0000 Subject: [PATCH] Jellyfin --- flake.lock | 6 ++-- services/site.nix | 74 ++++++++++++++++++++++++++++++----------------- 2 files changed, 50 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 5f21279..ed18222 100644 --- a/flake.lock +++ b/flake.lock @@ -68,11 +68,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758589230, - "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=", + "lastModified": 1759281824, + "narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0", + "rev": "5b5be50345d4113d04ba58c444348849f5585b4a", "type": "github" }, "original": { diff --git a/services/site.nix b/services/site.nix index ff5fb00..c83862d 100644 --- a/services/site.nix +++ b/services/site.nix @@ -5,8 +5,9 @@ let #!/usr/bin/env bash set -euo pipefail - HOSTED_ZONE_ID="Z09728753LLLNSYFXIBIM" # Get from Route 53 console - DOMAIN=${domain} + HOSTED_ZONE_ID="Z09728753LLLNSYFXIBIM" + DOMAIN="${domain}" + SUBDOMAIN="jellyfin.${domain}" # Get current public IP CURRENT_IP=$(${pkgs.curl}/bin/curl -s https://ifconfig.me) 
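Review bot: The literal `jellyfin` in `SUBDOMAIN="jellyfin.${domain}"` is repeated in the nginx `virtualHosts."jellyfin.${domain}"` entry later in this patch, so the name the DDNS script keeps current and the name ACME requests a certificate for can drift apart. Binding it once in the surrounding `let` (which starts outside this hunk), for example `jellyfinHost = "jellyfin.${domain}";`, and using that in both places would keep them in step. The dropped `# Get from Route 53 console` comment was the only hint about where `HOSTED_ZONE_ID` comes from; I would keep a short one such as `# Route 53 hosted zone ID for this domain`.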
@@ -17,30 +18,37 @@ let exit 1 fi - # Get current DNS record - DNS_IP=$(${pkgs.dig}/bin/dig +short "$DOMAIN" @8.8.8.8 | tail -n1) + # Function to update a DNS record + update_record() { + local RECORD_NAME=$1 + local DNS_IP=$(${pkgs.dig}/bin/dig +short "$RECORD_NAME" @8.8.8.8 | tail -n1) - if [ "$CURRENT_IP" != "$DNS_IP" ]; then - echo "[$(date)] IP changed: $DNS_IP -> $CURRENT_IP" - - ${pkgs.awscli2}/bin/aws route53 change-resource-record-sets \ - --hosted-zone-id "$HOSTED_ZONE_ID" \ - --change-batch "{ - \"Changes\": [{ - \"Action\": \"UPSERT\", - \"ResourceRecordSet\": { - \"Name\": \"$DOMAIN\", - \"Type\": \"A\", - \"TTL\": 300, - \"ResourceRecords\": [{\"Value\": \"$CURRENT_IP\"}] - } - }] - }" - - echo "[$(date)] DNS updated successfully to $CURRENT_IP" - else - echo "[$(date)] IP unchanged: $CURRENT_IP" - fi + if [ "$CURRENT_IP" != "$DNS_IP" ]; then + echo "[$(date)] $RECORD_NAME IP changed: $DNS_IP -> $CURRENT_IP" + + ${pkgs.awscli2}/bin/aws route53 change-resource-record-sets \ + --hosted-zone-id "$HOSTED_ZONE_ID" \ + --change-batch "{ + \"Changes\": [{ + \"Action\": \"UPSERT\", + \"ResourceRecordSet\": { + \"Name\": \"$RECORD_NAME\", + \"Type\": \"A\", + \"TTL\": 300, + \"ResourceRecords\": [{\"Value\": \"$CURRENT_IP\"}] + } + }] + }" + + echo "[$(date)] $RECORD_NAME DNS updated successfully to $CURRENT_IP" + else + echo "[$(date)] $RECORD_NAME IP unchanged: $CURRENT_IP" + fi + } + + # Update both records + update_record "$DOMAIN" + update_record "$SUBDOMAIN" ''; in { networking.firewall.allowedTCPPorts = [ 80 443 ]; 
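Review bot: `local DNS_IP=$(... dig ... | tail -n1)` in `update_record` discards the pipeline's exit status because `local` itself returns 0. Despite `set -euo pipefail`, a failed lookup leaves `DNS_IP` empty, the comparison reports a change, and the script issues an UPSERT on every run while the resolver is unreachable. Declaring and assigning separately, `local DNS_IP` followed by `DNS_IP=$(${pkgs.dig}/bin/dig +short "$RECORD_NAME" @8.8.8.8 | tail -n1)`, lets the failure stop the script before anything is written. `$CURRENT_IP` comes from a third-party service and is now interpolated into the change batch for two records; the check ending in `exit 1` begins above this hunk, so confirm it rejects anything that is not a dotted-quad address, not only an empty reply. With `set -e`, a failed update of `$DOMAIN` also aborts before `$SUBDOMAIN` is attempted, so sending both changes in one `--change-batch` would make the update all-or-nothing.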
@@ -54,11 +62,23 @@ in { recommendedTlsSettings = true; virtualHosts."${domain}" = { - forceSSL = false; - enableACME = false; + forceSSL = true; + enableACME = true; root = "${inputs.thelenlucas.packages.${pkgs.system}.default}"; }; + + virtualHosts."jellyfin.${domain}" = { + forceSSL = true; + enableACME = true; + + locations."/" = { proxyPass = "http://localhost:8096"; }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "thelenlucas@gmail.com"; }; environment.systemPackages = [ pkgs.awscli2 ];
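Review bot: The new `jellyfin.${domain}` vhost proxies to `http://localhost:8096` with no proxy headers or WebSocket upgrade visible in this hunk. Unless `recommendedProxySettings = true;` is set in the part of `services.nginx` above the hunk, Jellyfin will see every request as coming from the loopback address, and its authentication logs lose the client IP needed for lockout and incident review. I would write the location as `locations."/" = { proxyPass = "http://127.0.0.1:8096"; proxyWebsockets = true; };`, which also avoids `localhost` resolving to `::1` if the backend listens on IPv4 only. Since this publishes the media server to the internet, confirm that port 8096 stays closed in the firewall (only 80 and 443 are shown open, and `services.jellyfin.openFirewall` is not visible here) so the TLS front end is the only path in.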